Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 18 Aug 2009 16:54:43 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request - kernel: information leak in
 sigaltstack


On Tue, 4 Aug 2009, Eugene Teo wrote:

> do_sigaltstack: avoid copying 'stack_t' as a structure to user space


======================================================
Name: CVE-2009-2847
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847
Reference: MILW0RM:9352
Reference: URL:http://www.milw0rm.com/exploits/9352
Reference: MLIST:[oss-security] 20090804 CVE request - kernel: information leak in sigaltstack
Reference: URL:http://www.openwall.com/lists/oss-security/2009/08/04/1
Reference: MLIST:[oss-security] 20090805 Re: CVE request - kernel: information leak in sigaltstack
Reference: URL:http://www.openwall.com/lists/oss-security/2009/08/05/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0083fc2c50e6c5127c2802ad323adf8143ab7856
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=515392

The do_sigaltstack function in kernel/signal.c in Linux kernel 2.6
before 2.6.31-rc5, when running on 64-bit systems, does not clear
certain padding bytes from a structure, which allows local users to
obtain sensitive information from the kernel stack via the sigaltstack
function.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.